Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPP-E All Questions

View all questions & answers for the CIPP-E exam
Go to Exam

Exam CIPP-E topic 1 question 162 discussion

Actual exam question from IAPP's CIPP-E
Question #: 162
Topic #: 1
[All CIPP-E Questions]

SCENARIO -
Please use the following to answer the next question:
BHealthy, a company based in Italy, is ready to launch a new line of natural products, with a focus on sunscreen. The last step prior to product launch is for BHealthy to conduct research to decide how extensively to market its new line of sunscreens across Europe. To do so, BHealthy teamed up with Natural Insight, a company specializing in determining pricing for natural products. BHealthy decided to share its existing customer information – name, location, and prior purchase history – with Natural Insight. Natural Insight intends to use this information to train its algorithm to help determine the price point at which BHealthy can sell its new sunscreens.
Prior to sharing its customer list, BHealthy conducted a review of Natural Insight’s security practices and concluded that the company has sufficient security measures to protect the contact information. Additionally, BHealthy’s data processing contractual terms with Natural Insight require continued implementation of technical and organization measures. Also indicated in the contract are restrictions on use of the data provided by BHealthy for any purpose beyond provision of the services, which include use of the data for continued improvement of Natural Insight’s machine learning algorithms.
Under the GDPR, what are Natural Insight’s security obligations with respect to the customer information it received from BHealthy?

  • A. Appropriate security that takes into account the industry practices for protecting customer contact information and purchase history.
  • B. Only the security measures assessed by BHealthy prior to entering into the data processing contract.
  • C. Absolute security since BHealthy is sharing personal data, including purchase history, with Natural Insight.
  • D. The level of security that a reasonable data subject whose data is processed would expect in relation to the data subject’s purchase history.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Ssourav at Aug. 6, 2024, 2:35 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Ssourav
3 months, 3 weeks ago
Selected Answer: A
A. Appropriate security that takes into account the industry practices for protecting customer contact information and purchase history. Explanation: GDPR Article 32 requires both data controllers and processors to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This includes considering industry practices and the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel